• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

gCards Multiple Input Validation Vulnerabilities



The gCards application is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The following vulnerabilities can occur:

- Cross-site scripting
- SQL injection
- directory traversal
- local file include.

An attacker can access sensitive information, possibly obtain authentication credentials, manipulate SQL query logic to compromise data, and retrieve arbitrary files from the vulnerable system in the context of the webserver process.